feat: adds OAuth/OIDC authentication for MCP

app/config.py

@@ -1,4 +1,6 @@
 from functools import lru_cache
+from typing import Literal
+
 from pydantic import Field, field_validator
 from pydantic_settings import BaseSettings, SettingsConfigDict
 
@@ -18,6 +20,12 @@ class Settings(BaseSettings):
     admin_password: str = "admin"
     session_secret: str = Field(default="dev-session-secret", min_length=8)
     mcp_token: str = "dev-mcp-token"
+    mcp_auth_mode: Literal["token", "oauth", "oauth_or_token"] = "token"
+    mcp_resource_url: str = "http://localhost:8001/mcp"
+    mcp_oauth_issuer: str = ""
+    mcp_oauth_audience: str = ""
+    mcp_oauth_jwks_url: str = ""
+    mcp_oauth_required_scope: str = "mcp:tools"
 
     @field_validator("crawl_limit", mode="before")
     @classmethod
@@ -26,6 +34,14 @@ class Settings(BaseSettings):
             return None
         return value
 
+    def oauth_jwks_url(self) -> str:
+        if self.mcp_oauth_jwks_url:
+            return self.mcp_oauth_jwks_url
+        issuer = self.mcp_oauth_issuer.rstrip("/")
+        if not issuer:
+            return ""
+        return f"{issuer}/.well-known/jwks.json"
+
 
 @lru_cache
 def get_settings() -> Settings: